[solved]Help with bridge network setup

But my point is that your gateway on your PC was wrong. How is that a bug from OpenWrt?

I agree, I made a mistake at the beginning with the wrong gateway. But in the end the gateway was correct with V21.02, and there was still no ping to 8.8.8.8 from the PC.

After downgrading to 19.07.08, the same settings work perfectly, with 192.168.100.2 as the gateway.

And the link from vgaetera guided me to the downgrade.

That specific link was related to issues with pppoe on 20.01-rc4.
It seems that downgrading may have been coincidental to solving the problem, but possibly not the actual solution.

I'm still not convinced that you have found a bug, but if you have, it would be really good to get an understanding of the details of it so that it can be reported and resolved.


You are right, no bug. I ran firstboot on 21.02 and rebuilt the minimal config by hand. It's working. Pings from OpenWrt and from the PC are OK.

I do not know where my mistake lay.

Attached are the network and firewall configs, which solved the whole scenario described in my first post.
@psherman Thank you for your support and time. Now I feel much more confident in dealing with openwrt.

# --- /etc/config/network ---
# Loopback interface: static 127.0.0.1/8 bound to device 'lo'.
config interface 'loopback'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'
	option device 'lo'

# Global network settings: the IPv6 ULA /48 prefix for this router.
config globals 'globals'
	option ula_prefix 'fdbf:29b3:652a::/48'

# LAN: static 192.168.100.2/24 on the bridge device 'br-lan'.
config interface 'lan'
	option proto 'static'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option ipaddr '192.168.100.2'
	# NOTE(review): 192.168.1.1 is outside 192.168.100.0/24 and is the same
	# gateway that 'wan' declares below. A gateway on 'lan' is normally not
	# needed when 'wan' carries the default route - confirm this is intended.
	option gateway '192.168.1.1'
	# Upstream resolver for the router itself; the address is on the LAN subnet.
	list dns '192.168.100.9'
	option device 'br-lan'

# WAN: static 192.168.1.2/24 on eth1 with 192.168.1.1 as gateway, so this
# router appears to sit behind another router rather than directly on the
# internet - confirm against the physical topology.
config interface 'wan'
	option proto 'static'
	option netmask '255.255.255.0'
	option ipaddr '192.168.1.2'
	option gateway '192.168.1.1'
	list dns '192.168.100.9'
	option device 'eth1'

# Built-in switch 'switch0': reset on start, VLAN support enabled.
config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

# Single VLAN (1) containing ports 1 2 3 4 0, all untagged. Every listed port
# shares one layer-2 segment, so the switch provides no separation between
# wired ports; the Gast/IoT separation has to come from elsewhere.
# Port 0 is presumably the CPU port on this board - TODO confirm.
config switch_vlan
	option device 'switch0'
	option vlan '1'
	option ports '1 2 3 4 0'

# Guest network: the router is 192.168.130.1/24 on its own bridge.
# NOTE(review): no port or device is attached in this section; presumably a
# wireless interface joins it via /etc/config/wireless (not shown).
# NOTE(review): 'option type bridge' inside an interface section is the
# pre-21.02 syntax, while 'br-lan' below uses a 'config device' section.
# Confirm that the running release still honours the older form.
config interface 'Gast'
	option proto 'static'
	option netmask '255.255.255.0'
	option ipaddr '192.168.130.1'
	# Resolver on the LAN subnet (192.168.100.0/24). In the firewall config the
	# guest zone only forwards to 'wan', so guest clients cannot reach this
	# address directly - presumably they use the router as their DNS server.
	list dns '192.168.100.9'
	option type 'bridge'

# IoT network: the router is 192.168.140.1/24 on its own bridge; no ports and
# no DNS are set here.
config interface 'IoT'
	option type 'bridge'
	option proto 'static'
	option netmask '255.255.255.0'
	option ipaddr '192.168.140.1'

# Bridge device 'br-lan' with eth0 as its only member port; the 'lan'
# interface binds to this device.
config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'eth0'

# --- /etc/config/firewall ---
# Global default policies, used for traffic that no zone matches.
# NOTE(review): with input 'ACCEPT', traffic arriving on an interface that is
# not assigned to any zone is accepted by the router itself. Setting it to
# 'REJECT' would make an unzoned interface fail closed.
config defaults
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'
	# Enables SYN-flood protection.
	option synflood_protect '1'

# Trusted zone: LAN hosts may reach every service on the router, and
# forwarding within the zone is accepted.
config zone
	option name 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	list network 'lan'

# Upstream zone: unsolicited input and forwarding from wan are rejected,
# except where a rule below explicitly accepts them.
# NOTE(review): there is no 'option masq' (or 'option mtu_fix') here, so
# packets from 192.168.100.0/24 and 192.168.130.0/24 leave with their original
# source addresses. Replies only return if the upstream router 192.168.1.1 has
# routes back to those subnets - confirm, or enable masquerading on this zone.
config zone
	option name 'wan'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	list network 'wan'

# Allow LAN hosts to initiate connections towards wan.
config forwarding
	option src 'lan'
	option dest 'wan'

# Input rule (no 'dest'): accept IPv4 UDP to port 68 on the router from wan.
# NOTE(review): 'wan' uses proto 'static' in the network config, so the router
# is not a DHCP client there and this rule looks unused - confirm before
# removing it.
config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

# Input rule: the router answers IPv4 echo-requests from wan. Remove it if the
# router should not respond to ping from the upstream network.
config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

# Input rule: accept IPv4 IGMP from wan.
config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

# Input rule: accept IPv6 UDP to port 546 from wan, only when both source and
# destination addresses fall inside fc00::/6.
config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option src_ip 'fc00::/6'
	option dest_ip 'fc00::/6'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

# Input rule: accept ICMPv6 types 130, 131, 132 and 143 (the MLD message
# types) from link-local sources (fe80::/10) on wan.
config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

# Input rule: accept the listed ICMPv6 error, echo and neighbour-discovery
# types from wan to the router itself, rate-limited to 1000 packets/sec.
config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

# Forward rule: dest '*' matches every zone, so the listed ICMPv6 types coming
# from wan are forwarded into lan, GastZone and IoTZone alike (rate-limited).
# The list includes echo-request, so IPv6 hosts in all zones can be pinged
# from wan if they hold routable addresses.
config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

# Forward rule: ESP from wan is accepted towards any host in the lan zone (no
# 'dest_ip' restriction).
# NOTE(review): if no IPsec endpoint runs inside lan, this rule and the ISAKMP
# rule below only widen what wan can reach; consider removing them or pinning
# them to the endpoint with 'dest_ip'.
config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

# Forward rule: UDP port 500 (IKE/ISAKMP) from wan to any host in the lan zone.
config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

# Includes the custom firewall script /etc/firewall.user. Its contents are not
# shown in this post; anything it adds becomes part of the effective rule set,
# so review it together with this file.
config include
	option path '/etc/firewall.user'

# Guest zone: input and forward are both REJECT, so guests reach the router
# only on the ports opened by the 'Gast DHCP und DNS' rule at the end of this
# file, and leave only through the GastZone -> wan forwarding.
config zone
	option forward 'REJECT'
	option name 'GastZone'
	option output 'ACCEPT'
	list network 'Gast'
	option input 'REJECT'

# IoT zone.
# NOTE(review): input 'ACCEPT' lets every IoT device reach every service the
# router listens on, presumably including management (SSH, web UI) unless
# those are bound elsewhere. The stricter pattern is the one used for GastZone:
# input 'REJECT' plus a rule that opens only DNS and DHCP.
config zone
	option input 'ACCEPT'
	option forward 'REJECT'
	option name 'IoTZone'
	option output 'ACCEPT'
	list network 'IoT'

# LAN hosts may initiate connections to IoT devices. No forwarding in this
# listing has IoTZone as its source, so IoT devices cannot initiate connections
# through the router to lan, Gast or wan.
config forwarding
	option dest 'IoTZone'
	option src 'lan'

# Guests may initiate connections towards wan only; nothing forwards from
# GastZone to lan or IoTZone.
config forwarding
	option dest 'wan'
	option src 'GastZone'

# Input rule (no 'dest'): opens ports 53, 67 and 68 on the router to guests.
# NOTE(review): no 'proto' is set, so the rule applies to both TCP and UDP.
# DHCP only needs UDP to port 67 on the server side, while DNS needs 53 on
# TCP and UDP. Splitting this into a DNS rule and a 'proto udp' DHCP rule for
# port 67 would expose less.
config rule
	option dest_port '53 67 68'
	option src 'GastZone'
	option name 'Gast DHCP und DNS'
	option target 'ACCEPT'

